
    Errors implementing the ORACLE Security patch CVE-2012-1675 in a TWO_TASK

    • Article Type: General
    • Product: Aleph
    • Product Version: 20

    Problem Symptoms:
    * While executing the script ./ora_listener_patch, the following error is displayed:
    0] servername:/opt/app/XXXTST/scripts/admin # ./ora_listener_patch
    Verifying archive integrity... All good.
    Uncompressing Fix For Oracle Listener Security Issue...............
    Starting Fri Sep 21 08:31:47 CEST 2012
    Log location: /tmp/listener_config_output.20120921.083147.log
    Please enter Ex Libris customer code (country code + customer):
    NNXXX
    Please enter the products that you would like to patch (product1, product2 ...):
    Aleph

    Starting Fri Sep 21 08:31:47 CEST 2012
    [...]
    sqlplus to failed
    DONE Fri Sep 21 08:32:00 CEST 2012

    Cause:
    The problem can occur when
    * the Oracle database is on a separate server
    * the Oracle software was installed and the database was created by the customer
    * Ex Libris Support has no access to the operating system command line on the database server

    Resolution:
    (by Oracle Support)
    * Oracle Support Note 1453883.1: "Using Class of Secure Transport (COST) to Restrict Instance Registration"
    Section 2 of the document is relevant:
    "Setting a COST restriction using the IPC protocol to limit registration to local instances."

    * Example of the changes implemented by the script ora_listener_patch distributed by Ex Libris:

    Before the change:

    -- value of DB initialization parameter local_listener:

    not defined

    -- file listener.ora:

    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    )


    sid_list_listener=(sid_list=
    (sid_desc=
    (global_name=aleph20)
    (sid_name=aleph20)
    (oracle_home=/exlibris/app/oracle/product/11)
    )
    )

    After the change:

    -- value of DB initialization parameter local_listener:

    (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))

    -- file listener.ora:

    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER)) # line changed
    )
    )

    sid_list_listener=(sid_list=
    (sid_desc=
    (global_dbname=aleph20.alephhost.exl.de) # line changed: different parameter with a different value
    # (equals the value of the DB parameter service_names)
    (sid_name=aleph20)
    (oracle_home=/exlibris/app/oracle/product/11)
    )
    )

    SECURE_REGISTER_LISTENER = (IPC) # line added
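
A check for the settings shown in the before/after listings above, usable when the change has to be verified by hand on the database server. This is an added example, not part of the Ex Libris script or of Oracle's note; the function names (parse_params, ipc_keys, check_cost) are assumptions, and the sample text is constructed from the LISTENER entries on this page.

```python
import re

# Constructed sample: the LISTENER entry as listed on this page, before and after the change.
BEFORE = """LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = alephhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))
"""
AFTER = BEFORE.replace("EXTPROC1521", "REGISTER") + "SECURE_REGISTER_LISTENER = (IPC)\n"

def parse_params(text):
    """Split listener.ora text into {NAME: value with all whitespace removed}."""
    text = re.sub(r"#.*", "", text)  # drop comments and trailing annotations
    heads = list(re.finditer(r"(?m)^[ \t]*([A-Za-z_]\w*)\s*=", text))
    params = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        params[m.group(1).upper()] = "".join(text[m.end():end].split())
    return params

def ipc_keys(value):
    """Return the upper-cased KEY of every ADDRESS that uses PROTOCOL=IPC."""
    keys = set()
    for addr in re.findall(r"\(ADDRESS=((?:\([^()]*\))+)\)", value, re.I):
        f = {k.upper(): v.upper() for k, v in re.findall(r"\((\w+)=([^()]*)\)", addr)}
        if f.get("PROTOCOL") == "IPC":
            keys.add(f.get("KEY", ""))
    return keys

def check_cost(listener_ora, local_listener, listener="LISTENER"):
    """Return findings; an empty list means the settings from this page are in place."""
    name, findings = listener.upper(), []
    params = parse_params(listener_ora)
    db_value = "".join((local_listener or "").split())  # None means "not defined"
    for label, value in [(name, params.get(name, "")), ("local_listener", db_value)]:
        if value.count("(") != value.count(")"):
            findings.append(f"{label}: unbalanced parentheses")
    if "IPC" not in re.findall(r"\w+", params.get("SECURE_REGISTER_" + name, "").upper()):
        findings.append(f"SECURE_REGISTER_{name} does not list IPC")
    db_keys, lsnr_keys = ipc_keys(db_value), ipc_keys(params.get(name, ""))
    if not db_keys & lsnr_keys:  # also true when local_listener has no IPC address
        findings.append(f"local_listener IPC keys {sorted(db_keys)} do not match {name} IPC keys {sorted(lsnr_keys)}")
    return findings

if __name__ == "__main__":
    print("before:", check_cost(BEFORE, None))
    print("after: ", check_cost(AFTER, "(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))"))
```

Pass the contents of listener.ora as the first argument and the current value of the local_listener initialization parameter as the second.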

    Additional Information

    * steps of the script ora_listener_patch:

    -- changes the Oracle DB initialization variable local_listener
    -- stops Oracle Listener
    -- changes file listener.ora
    -- starts Oracle Listener


    General description of ORACLE security patch CVE-2012-1675
    http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html


    • Article last edited: 10/8/2013